In a telecommunication network, a plurality of network elements facilitates services such as telephone, Internet access, and wireless communication. Each of these services requires a vast number of communications points for communicatively connecting entities. As used herein, “remote elements” refers to any network element located in a different geographic location from the operations facility that accesses or controls that element. Thus, if a person desires to monitor the status of a particular element that is 1000 feet away or in a different city, that curbside element (for example) is remote with respect to the operations facility. Exemplary network elements include Digital Subscriber Line Access Multiplexers (DSLAMs), Digital Line Concentrators (DLCs), hubs, switches, access modems, and other electronic components. These network elements are often present in a location remote from a management and operations facility.
Remote elements serve a litany of purposes and perform various functions, such as helping connect a subscriber to a service provider's network. Remote network elements are typically housed in an enclosure located near a subscriber's residence. Thousands of enclosures and elements may reside in a single city's telecommunication network. These remote network elements must be monitored to ensure that they are operating correctly. To monitor the status of these network elements, a service provider implements alarm functions or status codes for each of the remote elements and communicates the status of each element back to the management or operations facility.
The conventional method of observing network status and receiving alarm messages is through communications over a private, operational-support network and/or “in-band” communication channels carried over the subtended network itself. These channels are not accessible by the customer. In the event of an operational-support network outage, or loss of the “in-band” network management channel due to a problem with the remote network element, no network connectivity would remain available for remote network-element restoration. The conventional methods for remote network-element restoration are to either dispatch a service technician to the remote network element or to use modem communications to access the element.
But conventional methods of employing modem communications to monitor remote elements suffer from various problems, including, for example, an inability to determine and control who accesses the device, and the insecurity that has historically been associated with establishing a trusted communications pathway to the remote device. For example, service providers typically use a modem located at each curbside enclosure to transmit the remote network element's status back to the central office. However, modems often communicate without secure-identification access mechanisms that would exclude intruders from accessing the network. Moreover, no centralized access-control mechanism is available (absent the present invention).
Currently, service providers rely on relatively insecure methods to access remote modems, and remote elements in turn. Communicating the status of network elements may be performed using two workstations coupled to each other via modems. Modem-to-modem communication provides one workstation with the ability to dial up and connect to another workstation using standard telephone service. Modem communication may be used to allow service providers to dial up and gain access to curbside elements. But accessing remote elements via modems in this manner provides neither a secure path nor a method to properly manage network resources.
If a user wants to access a remote modem coupled to a remote element, a telephone number to the remote modem is simply dialed, and direct communication can occur with the network element. User-access restrictions (policy-enforcement measures, log-in control, central administration, authentication, authorization, and more) are unavailable in modem-to-modem communications. Accordingly, the need exists for a system and method that centralizes remote-element control in a network and can establish secure modem access, employing user-level authentication and other mechanisms to provide a trusted pathway between modems coupled to the remote elements.
To better illustrate a portion of the shortcomings of the prior art, reference is made to FIG. 1. FIG. 1 depicts the decentralized nature of a typical prior-art system 100 that employs modem-to-modem communication. The lack of security in system 100 is apparent in that a receiving modem 114 must accept calls from any phone number. Enumerating the myriad possible origination numbers associated with a requesting modem 112 is too difficult. Accordingly, modem 114 cannot efficiently restrict access to itself (and thus to a remote element 116) based on the originating number.
For example, user A at workstation 110 connects to remote element 116 via a communication path between modem 112 and modem 114. But modem 122 must also accept calls from modems 120, 128, and potentially hundreds of other modems. Because so many potential origination numbers exist, destination modems 114, 122, 130, and 138 accept all calls. Such a scheme renders the destination modems vulnerable to access by an intruder or other unauthorized entity 136. The destination modems must therefore rely on some form of user authentication. But administering a user-authentication scheme in such a decentralized system 100 is prohibitively difficult. Destination modems 114, 122, 130, and 138 are individually programmed to accept certain users. As those users change, each destination modem must be updated. Tracking current authorized users and updating the myriad of individual modems is almost impossible in even a moderately complex network.
Communicating with a thousand or more remote elements back to a central office requires sophisticated system-management resources and network security. Service providers maintain a high level of trust with customers, and do so by providing reliable and secure networks. The provider needs to know when a remote element loses power, becomes inoperable, or otherwise malfunctions. A service provider needs to be aware when remote elements are broken, vandalized, or damaged due to natural or accidental occurrences. In a prior-art technique, the service provider dispatches a technician to a faulty element to troubleshoot and repair the deficiency. This scenario is costly, time-consuming, resource intensive, and delays service restoration. The current state of the art could be improved by providing a protected system and method to securely administer and monitor remote elements centrally, utilizing an out-of-band process.
As alluded to earlier, one of the problems associated with the prior art is the lack of resource-management control. Any person equipped with a remote modem's access phone number could potentially dial up and connect with the remote element. Virtually any person can access the remote modem. Also, no security is provided to preclude an unauthorized entity from contacting and possibly corrupting one or more of the remote elements through the insecure remote modem. What is needed is a centralized, secure administration system that allows only specific users to contact certain remote elements, permits easy modification of respective user privileges, and provides a secure method of communicating with the remote elements.
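The following Python model is an added illustration and is not part of this patent's disclosure or any claimed embodiment. It contrasts the two administration models discussed above: the prior-art arrangement in which each destination modem carries its own user list (so a single revocation must be pushed to every modem that names the user), and a single central policy store that authenticates the user, checks which remote elements that user may reach, and only then releases the dial number of the modem in front of the element. The class and function names, the element identifiers, the phone numbers and the users are all constructed for the example; the central store is assumed to sit between the user's workstation and the remote modems so that the destination modem never has to trust the calling number.

```python
"""Central versus per-modem access control for dial-up reach into remote elements.

Added example, not the patent's own method. All identifiers, numbers and
users below are constructed for illustration.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone


class CentralAccessControl:
    """One policy store for every remote element, instead of per-modem lists."""

    def __init__(self, element_modems):
        # element id -> phone number of the modem in front of it (constructed data)
        self._element_modems = dict(element_modems)
        self._users = {}   # user -> {"salt", "hash", "elements"}
        self.audit = []    # every allow/deny decision is recorded in one place

    @staticmethod
    def _hash(password, salt):
        # Salted, iterated hash so a stolen policy store does not yield passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user, password, elements):
        salt = os.urandom(16)
        self._users[user] = {
            "salt": salt,
            "hash": self._hash(password, salt),
            "elements": set(elements),
        }

    def grant(self, user, element):
        """Privilege change: one record, effective for every element at once."""
        self._users[user]["elements"].add(element)

    def revoke_user(self, user):
        """Removing a user touches one record, not every destination modem."""
        return self._users.pop(user, None) is not None

    def authorize_dial(self, user, password, element):
        """Authenticate, then authorize; release the dial number only on success.

        Returns (allowed, reason, modem_number_or_None).
        """
        record = self._users.get(user)
        # Hash even for unknown users so response time does not reveal valid names.
        salt = record["salt"] if record else bytes(16)
        candidate = self._hash(password, salt)
        if record is None or not hmac.compare_digest(candidate, record["hash"]):
            return self._decide(user, element, False, "authentication failed")
        if element not in self._element_modems:
            return self._decide(user, element, False, "unknown element")
        if element not in record["elements"]:
            return self._decide(user, element, False, "not authorized for element")
        return self._decide(user, element, True, "ok")

    def _decide(self, user, element, allowed, reason):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, user, element, allowed, reason))
        number = self._element_modems[element] if allowed else None
        return allowed, reason, number


def revoke_user_decentralized(modem_allowlists, user):
    """Prior-art model: each destination modem holds its own user list.

    A revocation must be pushed to every modem individually. Returns how many
    modems had to be reprogrammed, which grows with the number of modems the
    user was ever granted.
    """
    touched = 0
    for allowlist in modem_allowlists.values():
        if user in allowlist:
            allowlist.discard(user)
            touched += 1
    return touched


if __name__ == "__main__":
    acl = CentralAccessControl({"DSLAM-7": "555-0107", "DLC-3": "555-0103"})
    acl.add_user("tech_a", "correct horse", ["DSLAM-7"])
    print(acl.authorize_dial("tech_a", "correct horse", "DSLAM-7"))
    print(acl.authorize_dial("tech_a", "correct horse", "DLC-3"))
    acl.revoke_user("tech_a")
    print(acl.authorize_dial("tech_a", "correct horse", "DSLAM-7"))
    modems = {"114": {"tech_a", "tech_b"}, "122": {"tech_a"}, "138": {"tech_a"}}
    print("modems reprogrammed on revocation:", revoke_user_decentralized(modems, "tech_a"))
```

The central store deliberately returns the modem's number only after both authentication and authorization succeed, so a caller who knows an element name but not valid credentials learns nothing about how to reach it; the per-modem comparison shows why the decentralized scheme in FIG. 1 becomes unmanageable as users and modems are added.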